![Throw the Mind [dot] Com](http://throwthemind.com/blog/wp-content/themes/pixeled/images/rss-trans.png){kind=small}
Tag: Encryption
SSL
by Nathan on Aug.04, 2007, under Uncategorized
I may have SSL working…maybe.
[edit] And RSS feed is working.
Google Reader Watcher
by Nathan on Jul.10, 2007, under Uncategorized
I have been using Google Reader for about a year now, and I love it. It is the best web based RSS reader out there. A few months back I ran across a Firefox extension Google Reader Notifier. This had proved to be a great extension for showing how many items were unread in my RSS Reader. Then about a month ago the developer update and broke the extension. It just wasn’t reliable anymore. So I went on a search for a another extension, and what I found was even better. Google Reader Watcher does the same thing but uses SSL for its connection. I must recommend this extension for all Google Reader users.
OpenID Verification
by Nathan on Jun.13, 2007, under Uncategorized
The other day I was listening to Security Now, a podcast about computer security, and they where talking about OpenID. I have OpenID implemented on this site in case you didn’t know. Anyway, a cool thing about OpenID is since it is open source, you can create your own way to verify yourself. So I can run an OpenID server off my web host, thus I am responsible for my own security and authentication. I like this idea, but one thing I don’t like is that most OpenID server simple use the standard user name and password for verification. This kind of sucks if my credentials get compromised, as this would open up every site I use OpenID on.
Idea for Verification
I got to thinking about this and how it can be improved. First I would only use the user name and password as a way of telling the OpenID server to start its verification processes. The next step would be to have the server use a key located somewhere to authenticate the user. This key would have to be created new after a certain amount of time. Once this key is validated then the server would know its really you. The great thing about this system is the key isn’t created by the OpenID server, it has to be created outside the OpenID server. This way if your user name and password are compromised they would only be good for a day, or less depending on how you have your key set up.
Idea for Storing the Key
- The key could be stored in a non web accessible directory on the the same web server as OpenID. This would entail logging into the server though ssh or other means and creating the key. Still pretty safe as you would need access to the server in order to change the key.
- Another way could be simply running your own OpenID server on you local machine, and storing the key only when the server is running.
- GmailFs or other remote mounting disks.
- Another site to create the key, although I don’t like this idea.
- You could even encrypt the key, before storing it somewhere.
- Many other possibilities
SED Solution
by Nathan on Apr.28, 2006, under Uncategorized
I was thinking about the problem I have when I start working out at SED. They watch the network like hawks, and don’t let you go to a lot of places. But I need my irc. So here is my proposal. A packet wrapper. Make a local tunnel, kind of like ssh tunnels do, but instead of encrypting it and sending it through port 22, wrap all the packets, to make them say look they they are google packets. Then send them to a proxy on a remote host, who opens them and sends them on there way. Therefore Big Brother would see google packets going to some host, and I don’t think they would look to see who that host it. What does everyone think? Let me know, I had to write this down cause I didn’t want to forget it.
SSH Tunnel
by Nathan on Mar.03, 2006, under Uncategorized
So I finally got a SSH Tunnel set up and working. So everything that goes through the browser is encrypted. With this new job, I think they may actually watch the network, and I don’t like the idea of my traffic being watched. So now they cant see it…he he Well anyway, it’s off to the 2600 meeting tonight, then to the anti-V-day/housewarming party over at Honey’s, Cherry’s and Mog’s Should be fun, well at least I hope so. This will be the first time in a while I’m going to go out and not care what Lauren is doing for the night. Although we did spend a little time together today. It was weird cause, everything was the same when we used to hang out, except we didn’t touch each other, like couples do. So maybe we’re cool and can hang out and stuff. Well back to work.
ttfn
-
Welcome!
My name is Nathan Warner. I am a system administrator in Huntsville Al, member of Makers Local 256 and a semi-active Geocacher. Huntsville isn't the best city to have fun, so a lot of the time I make it fun. I helped start Makers Local and right now am working on @HSVsh a scavenger hunt in Huntsville. All of my contact info is at the bottom of the page. Thanks for stopping by! GeoCaching Stats
